Embodiments of the present disclosure generally relate to a system, apparatus, and method for providing anti-replay protection of data stored in a non-volatile memory device. Some embodiments describe an anti-replay protection (ARP) device that may protect an external non-volatile memory device from replay attacks.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A system for anti-replay protection comprising: a non-volatile memory device; a main power source; and an anti-replay protection device configured to receive power from the main power source, the anti-replay protection device comprising: a one-time programmable (OTP) memory device comprising a replay counter that is updated in response to at least a portion of the anti-replay protection device failing to receive power from the main power source; a persistent memory device; and a processor, coupled to the OTP memory device and to the persistent memory device, and configured to generate a first hash value using the replay counter and data stored in the non-volatile memory device, store the first hash value in the persistent memory device, and compare the first hash value to a second hash value generated using the replay counter and data stored in the non-volatile memory device.
The anti-replay protection system consists of a non-volatile memory (NVM) for data storage, a main power source, and an anti-replay protection (ARP) device. The ARP device, powered by the main source, includes a one-time programmable (OTP) memory that stores a replay counter. This counter is incremented when the ARP loses power. The ARP also contains persistent memory and a processor. The processor calculates a first hash value using the replay counter and the data in the NVM, stores this hash in the persistent memory, and then compares this first hash to a second hash, calculated using the current replay counter and the NVM data.
2. The system for anti-replay protection of claim 1, wherein the anti-replay protection device further comprises: a memory controller configured to exchange data with the non-volatile memory device.
The anti-replay protection system described above also contains a memory controller within the anti-replay protection (ARP) device. This memory controller manages the transfer of data between the ARP device and the external non-volatile memory (NVM) device where the protected data resides. The memory controller allows the ARP device to read data from and write data to the NVM.
3. The system for anti-replay protection of claim 1, wherein the processor is further configured to increment the replay counter in response to the first and second hash values being different.
In the anti-replay protection system, the processor increments the replay counter stored within the one-time programmable (OTP) memory if the first hash value (stored from a previous calculation) does not match the second hash value (calculated upon power-up). A suspected replay attack therefore advances the replay counter, in addition to the update that occurs on loss of main power.
4. The system for anti-replay protection of claim 1, wherein the persistent memory device is battery-backed random access memory (RAM).
In the anti-replay protection system, the persistent memory, used to store the first hash value, is implemented using battery-backed random access memory (RAM). This ensures that the hash value is retained even when the main power source is unavailable, as long as the battery maintains power.
5. The system for anti-replay protection of claim 1, wherein the processor is further configured to encrypt the first hash value before storing the first hash value in the persistent memory device.
In the anti-replay protection system, the processor encrypts the first hash value before storing it in the persistent memory device. This adds an additional layer of security, protecting the hash value itself from tampering and unauthorized access.
6. The system for anti-replay protection of claim 1, further comprising: a backup power source configured to provide power to the anti-replay protection device in response to the anti-replay protection device losing power from the main power source, wherein the anti-replay protection device is further configured to write a copy of the first hash value to the non-volatile memory device in response to receiving power from the backup power source.
The anti-replay protection system includes a backup power source. If the anti-replay protection (ARP) device loses power from the main source, the backup power source provides power to the ARP. Upon receiving power from the backup source, the ARP writes a copy of the first hash value to the non-volatile memory (NVM). This provides an additional location for the hash value, increasing the likelihood of successful recovery after a power loss.
7. The system for anti-replay protection of claim 6, further comprising: a power detector configured to instruct the backup power source to provide power to the anti-replay protection device in response to detecting a loss of power from the main power source.
The anti-replay protection system incorporates a power detector. This detector monitors the main power source and signals the backup power source to activate and supply power to the anti-replay protection (ARP) device whenever a loss of power from the main power source is detected. This ensures a seamless transition to the backup power source.
8. The system for anti-replay protection of claim 6, wherein: the second hash value is generated in response to the anti-replay detection device regaining power from the main power source, and the anti-replay protection device is further configured to attempt to retrieve the copy of the first hash value from the non-volatile memory device in response to the first hash value from the persistent memory device and the second hash value being different.
In the anti-replay protection system, after the anti-replay protection (ARP) device regains power from the main source, the second hash value is generated. If this second hash value differs from the first hash value stored in persistent memory, the ARP attempts to retrieve the copy of the first hash value that was previously stored in the non-volatile memory (NVM).
9. The system for anti-replay protection of claim 8, wherein the non-volatile memory device is erased and the replay counter is incremented in response to failing to retrieve the copy of the first hash value from the non-volatile memory device.
In the anti-replay protection system, if the anti-replay protection (ARP) device fails to retrieve the copy of the first hash value from the non-volatile memory (NVM) after detecting a potential replay attack, the entire NVM is erased to prevent unauthorized access to potentially compromised data. The replay counter in the one-time programmable (OTP) memory is then incremented to reflect the detected anomaly.
10. The system for anti-replay protection of claim 8, wherein: the processor is further configured to compare the copy of the first hash value to the second hash value in response to retrieving the copy of the first hash value from the non-volatile memory device, and the non-volatile memory device is erased in response to the copy of the first hash value and the second hash value being different.
In the anti-replay protection system, after retrieving the copy of the first hash value from the non-volatile memory (NVM), the processor compares it to the second hash value. If these two hash values are different, it indicates a potential replay attack or data corruption. As a consequence, the NVM is erased to invalidate any potentially compromised data.
11. An anti-replay protection device comprising: a one-time programmable (OTP) memory device comprising a replay counter that is updated in response to at least a portion of the anti-replay protection device losing power from a main power source; a persistent memory device; and a processor, coupled to the OTP memory device and to the persistent memory device, and configured to generate a first hash value using the replay counter, store the first hash value in the persistent memory device, and compare the first hash value to a second hash value generated using the replay counter.
The anti-replay protection (ARP) device safeguards against replay attacks. It consists of a one-time programmable (OTP) memory containing a replay counter that increments on power loss. A persistent memory stores a first hash value. A processor calculates this first hash value using the replay counter and stores it. Upon system restart, the processor calculates a second hash value based on the current replay counter and compares it to the stored first hash value to detect discrepancies indicative of a replay attack.
12. The anti-replay protection device of claim 11, further comprising: a memory controller configured to retrieve data stored in a non-volatile memory device that is external to the anti-replay protection device, wherein the processor is further configured to generate the first and second hash values based on the replay counter and the data retrieved from the non-volatile memory device.
The anti-replay protection (ARP) device includes a memory controller for interfacing with an external non-volatile memory (NVM) device. The processor calculates the first and second hash values using the replay counter and data read from this external NVM via the memory controller. This allows the ARP device to protect the integrity of data stored in the external NVM against replay attacks.
13. The anti-replay protection device of claim 12, further comprising: a power-fail sequencer coupled to the memory controller and to the persistent memory device, wherein the power-fail sequencer is configured to retrieve the first hash value from the persistent memory device and instruct the memory controller to write a copy of the first hash to the non-volatile memory device in response to at least a portion of the anti-replay protection device losing power from the main power source.
The anti-replay protection (ARP) device includes a power-fail sequencer. This sequencer, connected to the memory controller and persistent memory, retrieves the first hash value from the persistent memory upon detecting a power loss. It then instructs the memory controller to write a copy of this first hash value to the external non-volatile memory (NVM) for backup and potential recovery.
14. The anti-replay protection device of claim 13, wherein: the processor is further configured to generate the second hash value in response to the anti-replay detection device regaining power from the main power source, and the anti-replay protection device is further configured to attempt to retrieve the copy of the first hash value from the non-volatile memory device in response to the first hash value from the persistent memory device and the second hash value being different.
In the anti-replay protection (ARP) device, upon regaining power, the processor generates a second hash value. If this second hash value differs from the first hash value stored in persistent memory, the ARP attempts to retrieve the copy of the first hash value previously written to the non-volatile memory (NVM) by the power-fail sequencer, indicating a possible replay attack.
15. The anti-replay protection device of claim 14, wherein the anti-replay protection device instructs the non-volatile memory to erase the data stored in the non-volatile memory device and increments the replay counter in response to failing to retrieve the copy of the first hash value from the non-volatile memory device.
In the anti-replay protection (ARP) device, if the retrieval of the backed-up first hash value from the non-volatile memory (NVM) fails, it signifies a critical integrity issue. As a result, the ARP instructs the NVM to erase its contents to prevent data compromise. Additionally, the replay counter is incremented within the ARP's OTP memory to reflect this security event.
16. The anti-replay protection device of claim 14, wherein: the processor is further configured to compare the copy of the first hash value to the second hash value in response to retrieving the copy of the first hash value from the non-volatile memory device, and the anti-replay protection device instructs the non-volatile memory to erase the data stored in the non-volatile memory device in response to the copy of the first hash value and the second hash value being different.
The anti-replay protection (ARP) device, after retrieving the backed-up first hash value from the non-volatile memory (NVM), compares this retrieved hash value with the newly calculated second hash value. If a mismatch is detected, indicating a potential replay attack or data corruption, the ARP instructs the NVM to erase its contents to safeguard the system's integrity.
17. The anti-replay protection device of claim 11, wherein the persistent memory device is battery-backed RAM.
In the anti-replay protection (ARP) device, the persistent memory used for storing the first hash value is specifically implemented using battery-backed RAM. This ensures that the hash value is preserved even during power outages, enabling accurate detection of replay attacks upon system restart.
18. The anti-replay protection device of claim 11, wherein the processor is further configured to increment the replay counter in response to the first and second hash values being different.
In the anti-replay protection (ARP) device, the processor increments the replay counter stored in the OTP memory when the first and second hash values do not match. This increment signifies a potential replay attack and updates the counter, thereby invalidating any attempts to replay older data associated with previous counter values.
19. A method for anti-replay protection of data stored in a non-volatile memory device, the method comprising: storing, in a one-time programmable (OTP) memory device, a replay counter that is incremented in response to failing to receive power from a main power source; generating, by a processor, a first hash value using the replay counter and data stored in the non-volatile memory device; storing, in a persistent memory device, the first hash value; generating, by the processor, a second hash value using the replay counter and data stored in the non-volatile memory device; and comparing, by the processor, the first hash value from the persistent memory device to the second hash value.
The anti-replay protection method for data in non-volatile memory involves storing a replay counter in a one-time programmable (OTP) memory, which increments upon power loss. A processor generates a first hash value using this counter and the data from the non-volatile memory. This first hash is stored in a persistent memory. Later, a second hash value is generated using the current replay counter and the non-volatile memory data. Finally, the method compares the first hash value from persistent memory with the newly generated second hash value to detect discrepancies indicative of replay attacks.
20. The method of claim 19, further comprising: receiving power from a backup power source in response to failing to receive power from the main power source; transmitting a copy of the first hash value to the non-volatile memory device, wherein the generating the second hash value is in response to regaining power from the main power source.
The anti-replay protection method involves receiving power from a backup source when the main power fails. When powered by the backup, a copy of the first hash value is sent to the non-volatile memory. The second hash value is subsequently generated upon the system regaining power from the main source, allowing for a comparison against the backed-up first hash value to detect potential replay attacks.
21. The method of claim 20, further comprising: attempting to retrieve the copy of the first hash value from the non-volatile memory device in response to the first hash value from the persistent memory device and the second hash value being different; and erasing the non-volatile memory device and incrementing the replay counter in response to failing to retrieve the copy of the first hash value from the non-volatile memory device.
The anti-replay protection method incorporates a step where, if the first hash value from persistent memory and the second hash value differ, the system attempts to retrieve a copy of the first hash value from the non-volatile memory. If this retrieval fails, indicating a potential replay attack or data corruption, the non-volatile memory is erased to prevent data compromise, and the replay counter is incremented to record the event.
22. The method of claim 20, further comprising: attempting to retrieve the copy of the first hash value from the non-volatile memory device in response to the first hash value from the persistent memory device and the second hash value being different; comparing the copy of the first hash value to the second hash value in response to retrieving the copy of the first hash value from the non-volatile memory device; erasing the non-volatile memory device in response to the copy of the first hash value and the second hash value being different or in response to failing to retrieve the copy of the first hash value; and incrementing the replay counter.
The anti-replay protection method involves attempting to retrieve a copy of the first hash value from the non-volatile memory when the first hash value from persistent memory and the second hash value differ. If the retrieval is successful, the copied first hash is compared to the second hash. If these values differ, or if the initial retrieval fails, the non-volatile memory is erased to prevent data compromise, and the replay counter is incremented to reflect the security event.
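As an added example, not code from the patent or its assignee, the following Python model walks the method of claims 19 to 22 through a power cycle in which a stale copy of the NVM contents (data plus the backed-up hash) is present at power-up, and shows why the check erases the device rather than accepting it. The ArpModel class, the use of SHA-256 as the hash, the sample NVM contents, and the choice to refresh the first hash under the new counter value while on backup power are this example's assumptions.

```python
import hashlib


def arp_hash(counter: int, data: bytes) -> bytes:
    """Hash binding the OTP replay counter to the NVM contents (claims 1 and 19)."""
    return hashlib.sha256(counter.to_bytes(4, "big") + data).digest()


class ArpModel:
    def __init__(self, nvm_data: bytes):
        self.nvm = {"data": nvm_data, "hash_copy": None}  # external NVM device
        self.otp_counter = 0                              # OTP replay counter, only grows
        self.bbram = arp_hash(0, nvm_data)                # battery-backed RAM: first hash

    def write_nvm(self, data: bytes) -> None:
        # Authorised update: first hash recomputed over the new contents (claim 1).
        self.nvm["data"] = data
        self.bbram = arp_hash(self.otp_counter, data)

    def main_power_lost(self) -> None:
        # On backup power (claim 7) the counter is updated (claim 1) and the power-fail
        # sequencer copies the first hash into NVM (claims 6, 13). Refreshing the first
        # hash under the new counter value first is this model's own assumption.
        self.otp_counter += 1
        self.bbram = arp_hash(self.otp_counter, self.nvm["data"])
        self.nvm["hash_copy"] = self.bbram

    def main_power_restored(self) -> str:
        # Second hash at power-up (claim 8); fall back to the NVM copy, otherwise erase
        # and advance the counter (claims 9, 10, 21, 22).
        second = arp_hash(self.otp_counter, self.nvm["data"])
        if self.bbram == second:
            return "ok"
        copy = self.nvm["hash_copy"]
        if copy is None or copy != second:
            self.nvm = {"data": b"", "hash_copy": None}   # erase the NVM device
            self.otp_counter += 1
            self.bbram = arp_hash(self.otp_counter, b"")
            return "erased"
        # NVM copy vouches for the data although BBRAM did not (e.g. battery failed):
        # accept the copy, then advance the counter as claim 22 requires.
        self.otp_counter += 1
        self.bbram = arp_hash(self.otp_counter, self.nvm["data"])
        return "recovered"


def replay_scenario() -> tuple:
    """Constructed run: a stale NVM image (data plus hash copy) reappears at power-up."""
    dev = ArpModel(b"balance=100")
    dev.main_power_lost()
    dev.main_power_restored()          # clean power cycle: hashes agree
    old_image = dict(dev.nvm)          # snapshot of the NVM device as it was
    dev.write_nvm(b"balance=10")
    dev.main_power_lost()
    dev.nvm = dict(old_image)          # stale image is what the ARP sees next
    return dev.main_power_restored(), dev.otp_counter, dev.nvm["data"]
```

Because the counter advanced on the second power loss, the stale image's hash copy was computed under an older counter value and cannot match the second hash, so the device takes the erase path; the "recovered" path is reached only when the NVM copy agrees with the data and just the battery-backed RAM was lost.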
March 30, 2015
June 27, 2017